
Guarding Health Data: Lessons from the Ascension Cyber Attack


Sophie Dodson

A tech-savvy author, seamlessly integrating computer science and computer graphic design expertise for a precision-focused approach in her writing, currently specializing in cybersecurity topics.

In May 2024, a significant cyber attack targeted Ascension, a large healthcare organization, compromising electronic health records (EHR) and other critical systems across multiple states. This incident underscores the urgent need for robust cybersecurity measures in the healthcare sector, where the protection of sensitive patient data is paramount.

The Ascension Cyber Attack: A Case Study

In May 2024, Ascension, one of the largest healthcare organizations in the U.S., faced a severe ransomware attack. The incident disrupted electronic health records (EHR) and other critical systems across multiple states, affecting patient care and operational functionality.

The attack began with a malicious file download by an employee, which allowed attackers to infiltrate the network. The ransomware quickly spread, locking down several file servers and potentially compromising sensitive patient information. Ascension experienced significant operational disruptions, including the inability to process credit card transactions at its pharmacies and delays in prescription refills.

Ascension’s response involved restoring EHR access in many regions and offering credit monitoring and identity theft protection to affected individuals. While the details of lateral movement within the network were not explicitly confirmed, the attack’s complexity suggests that such techniques were likely employed.

Common Vulnerabilities in Healthcare Systems

Healthcare IT infrastructures are often riddled with vulnerabilities, making them prime targets for cyber attacks. Common weaknesses include outdated software, lack of encryption, insufficient access controls, and inadequate staff training. In the Ascension case, hackers exploited these vulnerabilities to gain a foothold and escalate their privileges within the network.

Outdated Software

Many healthcare systems rely on legacy software that is no longer supported or regularly updated, leaving them susceptible to known exploits. In the Ascension attack, it is believed that outdated operating systems and applications were a significant factor. These systems lacked the necessary patches to defend against the latest threats, providing an easy entry point for the attackers.

Lack of Encryption

Sensitive patient data stored on healthcare networks is often not adequately encrypted. This makes it easier for attackers to access and exfiltrate data once they have penetrated the network. In the case of Ascension, it was reported that some of the accessed files were not encrypted, allowing hackers to easily read and potentially misuse sensitive information.

Insufficient Access Controls

Healthcare organizations frequently have insufficient access controls, meaning that once an attacker gains initial access, they can move laterally across the network with relative ease. During the Ascension breach, inadequate segmentation of network privileges enabled hackers to escalate their access and compromise additional systems. Proper access controls, such as limiting user permissions and implementing role-based access, could have mitigated this risk.

Inadequate Staff Training

Human error remains a critical vulnerability in cybersecurity. Healthcare staff often lack adequate training to recognize phishing attempts and other social engineering tactics. In the Ascension incident, it is suspected that phishing emails were used to deceive employees into downloading malware. Enhanced training programs focusing on cybersecurity awareness could have helped prevent such breaches by reducing the likelihood of successful phishing attacks.

The Role of Privileged Access Management (PAM)

Privileged Access Management (PAM) is a critical component of any cybersecurity strategy, especially in healthcare. PAM solutions help manage and monitor privileged accounts, ensuring that only authorized personnel have access to sensitive data and systems. By controlling and auditing access, PAM can prevent unauthorized activities and reduce the risk of breaches. For instance, implementing PAM could have restricted the attackers’ ability to move laterally within Ascension’s network, limiting the damage caused.

Implementing Effective Cybersecurity Measures

To safeguard healthcare data, organizations must adopt comprehensive cybersecurity measures. Best practices include regular software updates, robust encryption, multi-factor authentication, and continuous staff training on cybersecurity awareness. Additionally, conducting regular security audits and penetration testing can help identify and mitigate potential vulnerabilities.

Admin By Request: A Comprehensive Solution

Admin By Request offers a multi-layered approach to cybersecurity, designed to protect both SMBs and enterprises from sophisticated cyber threats. Our PAM solution addresses the vulnerabilities highlighted in the Ascension case by providing granular access controls, real-time monitoring, and automated approval workflows. By implementing Admin By Request, healthcare organizations can enhance their security posture, ensure compliance with regulatory standards, and safeguard sensitive patient data.

Summary

The Ascension cyber attack serves as a stark reminder of the importance of robust cybersecurity in healthcare. By understanding common vulnerabilities and implementing effective measures, healthcare providers can protect their data and maintain patient trust. Admin By Request stands ready to support these efforts with a comprehensive PAM solution that fortifies defenses and mitigates the risk of future attacks.

Sources:

https://www.bleepingcomputer.com/news/security/ascension-hacked-after-employee-downloaded-malicious-file/

https://www.bridgemi.com/michigan-health-watch/ascension-owner-15-michigan-hospitals-confirms-cyberattack-was-ransomware


© 2024 ADMIN BY REQUEST
